Transmitter for Transmitting a Secure Access Signal

ABSTRACT

A transmitter ( 116 ) for transmitting a secure access signal to a system ( 117 ) for providing secure access to a controlled item ( 111 ) is disclosed. The access is dependent on information contained in the secure access signal. The transmitter ( 116 ) comprises a biometric sensor ( 121 ) for receiving a biometric signal and a processor ( 1005 ) for matching the biometric signal against members of a database ( 105 ) of biometric signatures. The transmitter ( 116 ) comprises enabling means (e.g.,  127 ) for enabling an inductive circuit, based on the matching of the biometric signal, to transmit the secure access signal conveying the information to the system ( 117 ) upon the inductive circuit being placed within range of a radio frequency field emitted by the system ( 117 ).

FIELD OF THE INVENTION

The present invention relates to secure access systems and, inparticular, to systems for remote entry access.

BACKGROUND

FIG. 1 shows a conventional arrangement for providing secure access. Auser 401 makes a request, as depicted by an arrow 402, directed to acode entry module 403. The module 403 is typically mounted on theexternal jamb of a secure door. The request 402 is typically a securecode of some type which is compatible with the code entry module 403.Thus, for example, the request 402 can be a card number stored within aconventional proximity card used to direct the request 402 to a cardreader 403. Alternatively, the request 402 can be a sequence of secretnumbers directed to a keypad 403. The request 402 can also be abiometric signal from the user 401 directed to a corresponding biometricsensor 403. One example of a biometric signal is a fingerprint. Otherphysical attributes that can be used to provide biometric signalsinclude voice, retinal or iris pattern, face pattern, palm configurationand so on.

The code entry module 403 conveys the request 402 by sending acorresponding signal, as depicted by an arrow 404, to a controller 405which is typically situated in a remote or inaccessible place. Thecontroller 405 authenticates the security information provided by theuser 401 by interrogating a database 407 as depicted by an arrow 406. Ifthe user 401 is authenticated, and has the appropriate accessprivileges, then the controller 405 sends an access signal, as depictedby an arrow 408, to a device 409 in order to provide the desired access.The device 409 can, for example, be the locking mechanism of a securedoor, or can be an electronic lock on a personal computer (PC) which theuser 401 desires to access.

Current systems as depicted in FIG. 1 utilise a communication protocolcalled “Wiegand” for communication between the code entry module 403 andthe controller 405. The Wiegand protocol is a simple one-way dataprotocol that can be modified by increasing or decreasing the bit countto ensure uniqueness of the protocol among different security companies,The Wiegand protocol does not secure the information being sent betweenthe code entry module 403 and the controller 405.

More advanced protocols such as RS 485 have been used in order toovercome the vulnerability of the Wiegand protocol over long distanceroutes. RS 485 is a duplex protocol offering encryption capabilities atboth the transmitting and receiving ends, ie. the code entry module 403and the controller 405 respectively in the present case. The length ofthe path 404 nonetheless provides an attack point for the unauthorisedperson.

Proximity cards have become a popular means for emitting the request402, since proximity cards are cheap, easy to use and convenient tocarry for the user 401. Typically, proximity cards comprise an inductivecircuit including an integrated circuit (IC), a capacitor, and a coil,which are connected in series within the card. When a proximity card 410is placed within range of the code entry module 403 (or “card reader”),the code entry module 403 presents a field that excites the coil andcharges the capacitor, which in turn energizes the IC on the proximitycard 410. The IC then transmits a card number stored within the IC, viathe coil as transmit antenna, to the code entry module 403. The fieldemitted by the code entry module 403 for older proximity cards istypically around 125 kHz. The field emitted by the code entry module 403for newer proximity cards is typically around 13.56 MHz. These newerproximity cards are typically in the form of contactless RFID cardswhich are also known as “contactless smartcards”. Proximity cards have acommunication range of 0-80 mm in most instances, allowing the user toplace the card 410 within 80 mm of the code entry module 403 in orderfor the card to be read by the code entry module 403. The term“communication range” refers, in the described example, to the distanceto within which the proximity module 126 and the code entry module 130must be brought in order for their respective transmit/receive antennasto be able to achieve satisfactory communications.

Conventional proximity cards (e.g., 410) used for emitting the request402 may be lost by the user 401, and the lost proximity card 410 may beused by an unauthorised person to gain the desired access. In fact,there has been a high incidence of such fraudulent activity withconventional proximity cards where unauthorised persons steal the cards.As a result many users have looked to upgrade their proximity cardsecure access systems with other more secure systems. However, the costof such up-grades is high due to the necessity to re-wire buildings andfacilities to implement the upgrades.

SUMMARY

It is an object of the present invention to substantially overcome, orat least ameliorate, one or more disadvantages of existing arrangements.

According to a first aspect of the present invention there is provided atransmitter for transmitting a secure access signal to a system forproviding secure access to a controlled item, said access beingdependent on information contained in the secure access signal, thetransmitter comprising:

-   -   a biometric sensor for receiving a biometric signal;    -   a processor for matching the biometric signal against members of        a database of biometric signatures; and    -   enabling means for enabling an inductive circuit, based on the        matching of the biometric signal, to transmit the secure access        signal conveying the information to the system upon the        inductive circuit being placed within range of a radio frequency        field emitted by the system.

According to another aspect of the present invention there is provided amethod of transmitting a secure access signal to a system for providingsecure access to a controlled item, said access being dependent oninformation contained in the secure access signal, the methodcomprising:

-   -   receiving a biometric signal;    -   matching the biometric signal against members of a database of        biometric signatures; and    -   enabling an inductive circuit, based on the matching of the        biometric signal, to transmit the secure access signal conveying        the information to the system upon the inductive circuit being        placed within range of a radio frequency field emitted by the        system.

According to still another aspect of the present invention there isprovided a computer program product having a computer readable mediumhaving a computer program recorded therein for transmitting a secureaccess signal to a system for providing secure access to a controlleditem, said access being dependent on information contained in the secureaccess signal, the program comprising:

-   -   code for receiving a biometric signal;    -   code for matching the biometric signal against members of a        database of biometric signatures; and    -   code for enabling an inductive circuit, based on the matching of        the biometric signal, to transmit the secure access signal        conveying the information to the system upon the inductive        circuit being placed within range of a radio frequency field        emitted by the system.

According to still another aspect of the present invention there isprovided a system for providing secure access to a controlled item, thesystem comprising:

-   -   a database of biometric signatures;    -   a transmitter sub-system comprising:        -   a biometric sensor for receiving a biometric signal;        -   means for matching the biometric signal against members of            the database of biometric signatures; and        -   means for enabling an inductive circuit, based on the            matching of the biometric signal, to transmit a secure            access signal conveying information upon the inductive            circuit being placed within range of a radio frequency            field; and    -   a receiver sub-system comprising;        -   means for emitting the radio frequency field;        -   means for receiving the transmitted secure access signal            upon the radio frequency field being emitted; and        -   means for providing conditional access to the controlled            item dependent upon said information.

According to still another aspect of the present invention there isprovided a transmitter sub-system for operating in a system forproviding secure access to a controlled item, the system comprising adatabase of biometric signatures, a receiver sub-system comprising meansfor emitting a radio frequency field, means for receiving a secureaccess signal transmitted by the transmitter sub-system, and means forproviding conditional access to the controlled item dependent uponinformation conveyed in the secure access signal; wherein thetransmitter sub-system comprises:

-   -   a biometric sensor for receiving a biometric signal;    -   means for matching the biometric signal against members of the        database of biometric signatures; and    -   means for enabling an inductive circuit, based on the matching        of the biometric signal, to transmit a secure access signal        conveying said information upon the inductive circuit being        placed within range of the radio frequency field.

According to still another aspect of the present invention there isprovided a receiver sub-system for operating in a system for providingsecure access to a controlled item, the system comprising a database ofbiometric signatures, a transmitter sub-system comprising a biometricsensor for receiving a biometric signal, means for matching thebiometric signal against members of the database of biometricsignatures, and means for enabling an inductive circuit, based on thematching of the biometric signal, to transmit a secure access signalconveying information; wherein the receiver sub-system comprises:

-   -   means for emitting a radio frequency field;    -   means for receiving the transmitted secure access signal from        the transmitter sub-system upon the inductive circuit being        placed within range of a radio frequency field; and    -   means for providing conditional access to the controlled item        dependent upon said information.

According to still another aspect of the present invention there isprovided a system for providing secure access to one of a plurality ofcontrolled items, the system comprising:

-   -   a database of biometric signatures;    -   a transmitter sub-system comprising:        -   a biometric sensor for receiving a biometric signal;        -   means for determining if the received biometric signal            matches a member of the database of biometric signatures;        -   a plurality of proximity modules associated with the            plurality of controlled items;        -   means for selecting one of said plurality of proximity            modules; and        -   means for enabling, if the received biometric signal matches            a member of the database of biometric signatures, the            selected proximity module which can consequently transmit a            secure access signal conveying information stored in the            selected proximity module upon the proximity module being            placed within range of a radio-frequency field adapted to            activate the selected proximity module; and    -   a receiver sub-system comprising;        -   means for emitting said radio frequency field adapted to            activate the selected proximity module;        -   means for receiving the transmitted secure access signal            upon the radio frequency field being emitted; and        -   means for providing conditional access to the selected            controlled item dependent upon said information.

According to still another aspect of the present invention there isprovided a transmitter for transmitting a secure access signal to asystem for providing secure access to one of a plurality of controlleditems, said access being dependent on information contained in thesecure access signal, the transmitter comprising:

-   -   a biometric sensor for receiving a biometric signal;    -   means for determining if the received biometric signal matches a        member of a database of biometric signatures;    -   a plurality of proximity modules associated with the plurality        of controlled items;    -   means for selecting one of said plurality of proximity modules;        and    -   means for enabling, if the received biometric signal matches a        member of the database of biometric signatures, the selected        proximity module which can consequently transmit a secure access        signal conveying information stored in the selected proximity        module upon the proximity module being placed within range of a        radio-frequency field adapted to activate the selected proximity        module.

According to still another aspect of the present invention there isprovided a receiver sub-system in a system for providing secure accessto one of a plurality of controlled items, the system comprising adatabase of biometric signatures, a transmitter sub-system comprising abiometric sensor for receiving a biometric signal, means for determiningif the received biometric signal matches a member of the database ofbiometric signatures, a plurality of proximity modules associated withthe plurality of controlled items, means for selecting one of saidplurality of proximity modules, and means for enabling, if the receivedbiometric signal matches a member of the database of biometricsignatures, the selected proximity module which can consequentlytransmit a secure access signal conveying information stored in theselected proximity module upon the proximity module being placed withinrange of a radio-frequency field adapted to activate the selectedproximity module; said receiver sub-system comprising:

-   -   means for emitting said radio frequency field adapted to        activate the selected proximity module;    -   means for receiving the transmitted secure access signal upon        the radio frequency field being emitted; and    -   means for providing conditional access to the selected        controlled item dependent upon said information.

According to still another aspect of the present invention there isprovided a system for performing a secure transaction, the systemcomprising:

-   -   a database of one or more biometric signatures;    -   a first subsystem comprising:        -   a biometric sensor for receiving a biometric signal;        -   means for matching the biometric signal against members of            the database of biometric signatures to thereby determine an            authentication signal; and        -   means for generating a first password dependent upon said            authentication signal, said password being generated            according to an encryption process based on a dynamic input            value, said first password comprising an encrypted value            representing funds available; and    -   a second sub-system comprising;        -   means for receiving the first password;        -   means for determining the funds available based on the            received password; and        -   means for performing the transaction based on the available            funds.

According to still another aspect of the present invention there isprovided a first sub-system for operating in a system for performing asecure transaction, the system comprising a database of biometricsignatures, a second sub-system comprising means for receiving apassword, and means for performing the secure transaction based onavailable funds dependent upon the password, the first subsystemcomprising:

-   -   a biometric sensor for receiving a biometric signal;    -   means for matching the biometric signal against members of the        database of biometric signatures to thereby determine an        authentication signal; and    -   means for generating the password dependent upon said        authentication signal, wherein said password is generated        according to an encryption process based on a dynamic input        value, said first password comprising an encrypted value        representing said funds available.

According to still another aspect of the present invention there isprovided a system for performing a secure transaction over a networkusing a card, the system comprising:

-   -   a database of one or more biometric signatures;    -   a first subsystem comprising:        -   a biometric sensor for receiving a biometric signal;        -   means for matching the biometric signal against members of            the database of biometric signatures to thereby determine an            authentication signal; and        -   means for generating a password dependent upon said            authentication signal, said password being generated            according to an encryption process based on a dynamic input            value, said first password comprising an encrypted value            representing said magnetic stripe card; and    -   a second sub-system comprising;        -   means for reading the card;        -   means for receiving the password;        -   means for authenticating the received password based on the            card number encrypted within password; and        -   means for performing the transaction based on the            authentication.

According to still another aspect of the present invention there isprovided a method of transmitting a secure access signal to a system forproviding secure access to one of a plurality of controlled items, saidaccess being dependent on information contained in the secure accesssignal, the method comprising the steps of:

-   -   receiving a biometric signal;    -   matching the biometric signal to a member of a database of        biometric signatures;    -   selecting one of a plurality of proximity modules, the selected        proximity module being associated with at least one of the        plurality of controlled items; and    -   enabling the selected proximity module, if the received        biometric signal matches a member of the database of biometric        signatures, the enabled selected proximity module being        configured for transmitting a secure access signal conveying        information stored in to the selected proximity module upon the        proximity module being placed within range of a radio-frequency        field adapted to activate the selected proximity module.

According to still another aspect of the present invention there isprovided a method for performing a secure transaction over a networkusing a card, the method comprising:

-   -   matching a biometric signal against members of a database of        biometric signatures to thereby determine an authentication        signal; and    -   generating a password dependent upon said authentication signal,        said password being generated according to an encryption process        based on a dynamic input value, said password comprising an        encrypted number representing said card;    -   reading the card to determine said card number from said card;    -   authenticating a received password based on the card number,        encrypted within password; and    -   performing the transaction based on the authentication.

According to still another aspect of the present invention there isprovided a computer program product having a computer readable mediumhaving a computer program recorded therein for transmitting a secureaccess signal to a system for providing secure access to a controlleditem, said access being dependent on information contained in the secureaccess signal, the program comprising:

-   -   code for receiving a biometric signal;    -   code for matching the biometric signal to a member of a database        of biometric signatures;    -   code for selecting one of a plurality of proximity modules, the        selected proximity module being associated with at least one of        the plurality of controlled items; and    -   code for enabling the selected proximity module, if the received        biometric signal matches a member of the database of biometric        signatures, the enabled selected proximity module being        configured for transmitting a secure access signal conveying        information stored in the selected proximity module upon the        proximity module being placed within range of a radio-frequency        field adapted to activate the selected proximity module.

According to still another aspect of the present invention there isprovided a computer program product having a computer readable mediumhaving a computer program recorded therein for performing a securetransaction over a network using a card, the program comprising:

-   -   code for matching a biometric signal against members of a        database of biometric signatures to thereby determine an        authentication signal; and    -   code for generating a password dependent upon said        authentication signal, said password being generated according        to an encryption process based on a dynamic input value, said        password comprising an encrypted number representing said card;    -   code for reading the card to determine the card number from said        card;    -   code authenticating a received password based on the card number        encrypted within password; and    -   code for performing the transaction based on the authentication.

Other aspects of the invention are also disclosed.

BRIEF DESCRIPTION OF THE DRAWINGS

Some aspects of the prior art and one or more embodiments of the presentinvention are described with reference to the drawings, in which:

FIG. 1 shows a conventional arrangement for providing secure access;

FIG. 2 is a functional block diagram of a system for providing secureaccess according to an exemplary embodiment of the present invention;

FIG. 3 shows an example of a method of operation of a transmittersub-system of the system of FIG. 2;

FIG. 4 shows an example of a method of operation of a receiversub-system of the system of FIG. 2;

FIG. 5A shows an example of a method of operation of the transmittersub-system of FIG. 2 where the IC is a smart card chip;

FIG. 5B shows an example of a method of operation of the receiversub-system of FIG. 2 where the IC is a smart card chip;

FIG. 6 is a schematic block diagram of the system in FIG. 2;

FIGS. 7A and 7B show an alternate arrangement for enabling the proximitymodule in FIG. 2;

FIG. 8 shows how the secure access system of FIG. 2 can support multipleselectable proximity modules;

FIG. 9 shows an example of a method of operation of the arrangement ofFIG. 8;

FIG. 10 shows an example of a method of making an online payment usingthe arrangement of FIG. 8;

FIG. 11 is a functional block diagram of a general purpose computersystem upon which the method of FIG. 10 may be implemented;

FIG. 12 shows an example of a method of debiting an amount of funds froman account stored within the transmitter sub-system of FIGS. 2 and 8;

FIG. 13 shows how the secure access system of FIG. 2 can support one ormore conventional proximity modules according to another embodiment; and

FIG. 14 shows an example of a method of performing a secure transactionusing the arrangement of FIG. 13.

DETAILED DESCRIPTION INCLUDING BEST MODE

It is to be noted that the discussions contained in the “Background”section relating to prior art arrangements relate to discussions ofdocuments or devices which form public knowledge through theirrespective publication and/or use. Such should not be interpreted as arepresentation by the present inventor(s) or patent applicant that suchdocuments or devices in any way form part of the common generalknowledge in the art.

Where reference is made in any one or more of the accompanying drawingsto steps and/or features, which have the same reference numerals, thosesteps and/or features have for the purposes of this description the samefunction(s) or operation(s), unless the contrary intention appears.

FIG. 2 is a functional block diagram of a system 100 for providingsecure access according to the exemplary embodiment. A user 101 makes arequest, as depicted by an arrow 102, to a biometric module 103. Thebiometric module 103 includes a biometric sensor 121 and the request 102takes the form of a biometric signal which corresponds to the nature ofthe sensor 121 in the module 103. In the embodiments described herein,the biometric sensor 121 in the module 103 is a fingerprint sensor andthe request 102 typically takes the form of a thumb press on a sensorpanel (not shown) on the module 103. Alternatively, the biometric sensor121 may be responsive to one or more of voice, retinal pattern, irispattern, face pattern and palm configuration.

The module 103 interrogates, as depicted by an arrow 104, a useridentity database 105. Thus for example if the request 102 is the thumbpress on the biometric sensor panel 121 then the user database 105contains one or more members in the form of biometric signatures forauthorised users against which the request 102 can be authenticated. Ifthe identity of the user 101 is authenticated successfully, then thebiometric module 103 sends a signal 106 to a controller 107. Uponreceiving the signal 106, the controller 107 sends a signal, as depictedby an arrow 112, to a switch module 113 comprising a “normally open”switch 127. Any suitable mechanical or electronic (e.g., semiconductor)switch may be used to implement the switch 127.

As seen in FIG. 2, the switch module 113 is connected to a proximitymodule 126. The proximity module 126 comprises an inductive circuitformed from an IC 128, a coil 129 and a capacitor 131, which areconnected in series. The IC 128 has information in the form of a uniquecard number stored within a memory of the IC 128. The switch 127 of theswitch module 113 is connected in series with the IC 128, the coil 129and the capacitor 131 of the proximity module 126. Accordingly, theproximity module 126 is similar to that used in conventional proximitycards such as those provided by financial institutions such as VISA®,MASTERCARD®, AMERICAN EXPRESS® and so on. However, the switch module 113is configured to close and open the circuit formed by the IC 128, thecoil 129 and the capacitor 131, thereby enabling and disabling theproximity module 126, respectively.

Upon receiving the signal 112 from the controller 107, the switch module113 closes the normally open switch 127 for a predetermined period oftime (e.g., four to five seconds). Within this period the inductivecircuit in the proximity card module 126 is enabled and may be placed bythe user 101 within range of a radio frequency field being emitted by acode entry module 130. The field emitted by the code entry module 130excites the coil 129 and charges the capacitor 131, which in turnenergizes the IC 128 and thus activates the proximity module 126. The IC128 then transmits, as depicted by an arrow 132, a secure access signal,via the coil as transmit antenna, to the code entry module 130.Accordingly, the secure access signal 132 is transmitted via theinductive circuit. The secure access signal 132 is configured forconveying information including the card number stored within the memoryof the IC 128.

The switch 127 is preferably implemented in the form of a flip/floparrangement where upon receiving the signal 112 the switch 127 willclose but will automatically return to the normally open position at theend of the predetermined period. Accordingly, if the proximity cardmodule 126 is not placed within the range of the code entry module 130within the predetermined period, then the field emitted by the codeentry module 130 will not charge the capacitor 131 as the switch 127 hasopened the circuit formed by the IC 128, coil 129 and capacitor 131. Inthis instance, the user 101 again makes the request 102 in order toenable the proximity module 126.

Upon receiving the secure access signal 132 including the card numberfrom the proximity card module 126, the code entry module 130 sends asignal, as depicted by an arrow 108, including the card number to acontroller 109. The controller 109 tests the card number received fromthe code entry module 130 against a database 115 of card numbers, thistesting being depicted by an arrow 114. If the incoming card numberreceived from the code entry module 130 is found to be legitimate, thenthe controller 109 sends a command, as depicted by an arrow 110, to acontrolled item 111. The controlled item 111 can be a door lockingmechanism on a secure door, or an electronic lock (or key circuit) on apersonal computer (PC) that is to be accessed by the user 101.Accordingly, access to the controlled item 111 is dependent on theinformation (e.g., the card number) contained in the secure accesssignal 132. The system 100 provides conditional access to the controlleditem 111 dependent upon the information contained in the secure accesssignal 132.

It is noted that the controller 109 contains a receiver 118 thatreceives the signal 108 including the card number and converts thesignal 108 into a form, as depicted by an arrow 120, that the controller109 can use.

The biometric module 103 also incorporates at least one mechanism forproviding feedback to the user 101. This mechanism can, for example,take the form of one or more Light Emitting Diodes (LEDs) 122 which canprovide visual feedback, depicted by an arrow 123 to the user 101.Alternately, or in addition, the mechanism can take the form of an audiosignal provided by an audio transducer 124 providing audio feedback 125.Similarly, the code entry module 130 may also incorporate one or moremechanisms for providing feedback to the user 101.

The transmitter sub-system (or transmitter) in FIG. 2 falling to theleft hand side, as depicted by an arrow 116, of a dashed line 119 may beimplemented in a number of different forms. The transmitter sub-system116 (or transmitter), including the biometric module 103, the switchmodule 113, the user ID database 105, the controller 107 and theproximity module 126, may for example be incorporated within a remotefob (which is a small portable device carried by the user 101) or even amobile (cell) telephone. The biometric module 103 may be powered by aninternal battery of the fob or telephone.

Similar to the transmitter sub-system 116, the code entry module 130,the controller 109, database 115 and the controlled item 111 form areceiver sub-system 117 as seen in FIG. 2.

The code entry module 130 may be mounted in a protected enclosure on theoutside jamb of a secured door. In this instance, the channel used bythe signal 108 typically uses a wired medium. However, the code entrymodule 130 may communicate with the controller 109 via a wirelesscommunication channel used by the signal 108.

The controller 109, database 115 and controlled item 111 are typicallylocated in an inaccessible area such as a hidden roof space oralternately in a suitable protected area such as an armoured cupboard.In the case that a wireless communication channel is used by the signal108, the location of the controller 109 is of course consistent withreliable reception of the wireless signal 108.

In the case that the code entry module 130 communicates with thecontroller 109 via a wireless communication channel, the signal 108 maybe based upon rolling code. However, it is noted that this is merely onearrangement, and other secure codes can equally be used. Thus, forexample, either of the Bluetooth™ protocol, or the Wi Fi™ protocols maybe used.

Rolling codes provide a substantially non-replayable non-repeatable andencrypted radio frequency data communications scheme for securemessaging. These codes use inherently secure protocols and serial numberciphering techniques which may be used to hide clear text valuesrequired for authentication.

Rolling codes may use a different code variant each time thetransmission of the signal 108 occurs. This is achieved by encryptingthe data from the code entry module 130 with a mathematical algorithm,and ensuring that successive transmissions of the signal 108 aremodified using a code and/or a look-up table known to both the codeentry module 130 and the receiver sub-system 117. Using this approach,successive transmissions are modified, resulting in a non-repeatabledata transfer, even if the information from the code entry module 130remains the same. The modification of the code in the signal 108 foreach transmission significantly reduces the likelihood that an intrudercan access the information and replay the information to thereby gainentry at some later time.

The biometric signature database 105 is shown in FIG. 2 to be part ofthe transmitter sub-system 116. The sub-system 116 may comprise a memory1006 (see FIG. 6) containing the database 105 of biometric signatures.As described above, the transmitter sub-system 116 including thedatabase 105 may be implemented as a remote fob, where the fobincorporates the biometric (e.g. fingerprint) authenticationarrangement. However, in an alternate arrangement, the biometricsignature database 105 can be located in the receiver sub-system 117together with the controller 109, in which case the communication 104between the biometric module 103 and the signature database 105 can alsobe performed over a secure wireless communication channel. In the eventthat the secure access system 100 is being applied to providing secureaccess to a PC, then the secured PC can store the biometric signature ofthe authorised user in internal memory, and the PC can be integratedinto the sub-system 117 of FIG. 1.

The combination of the biometric verification and proximity module 126in a remote fob provides a particularly significant advantage overcurrent proximity card systems. If the remote fob is lost by the user101, the lost remote fob may not be used by an unauthorised person togain the desired access. Further, the security of conventional proximitycard systems may be improved without the need to upgrade existinginfrastructure.

FIG. 3 shows the method 200 of operation of the transmitter sub-system116 of FIG. 2. The method 200 commences with a testing step 201 in whichthe biometric sensor 121 in the code entry module 103 checks whether abiometric signal 102 is being received. If this is not the case, thenthe method 200 is directed in accordance with a NO arrow back to thestep 201 in a loop. If, on the other hand, the biometric signal 102 hasbeen received, then the method 200 is directed in accordance with a YESarrow to a step 202. The step 202 compares the received biometric signal102 with information in the biometric signature database 105 in order toensure that the biometric signal received 102 is that of the rightfuluser 101 of the transmitter sub-system 116.

A subsequent testing step 203 checks whether the comparison in the step202 yields the desired authentication. If the biometric signaturematching is authenticated, then the method 200 is directed in accordancewith a YES arrow to a step 204. In the step 204 the controller 107 sendsthe signal 112 to the switch module 113 to close the normally openswitch 127 to allow the coil 129 to be excited when the proximity cardmodule 126 is placed within range of the code entry module 130. Then atthe next step 205, upon the proximity card module 126 being placedwithin the field of the code entry module 130, the coil 129 is excitedand charges the capacitor 131, which in turn energizes the IC 128. TheIC 128 then transmits, as depicted by an arrow 132, the card numberstored within the IC 128, via the coil, to the code entry module 130.The method 200 is then directed in accordance with an arrow 206 back tothe step 201.

Returning to the testing step 203, if the signature comparison indicatesthat the biometric signal 102 is not authentic, and has thus not beenreceived from the proper user, then the method 200 is directed inaccordance with a NO arrow back to the step 201. In an alternatearrangement, the NO arrow from the step 203 could lead to a disablingstep which would disable further operation of the transmitter sub-system116, either immediately upon receipt of the incorrect biometric signal102, or after a number of attempts to provide the correct biometricsignal 102.

FIG. 4 shows the method of operation of the receiver sub-system 117 ofFIG. 2. The method 300 commences with a testing step 301 whichcontinuously checks whether the signal 108 including the card number hasbeen received from code entry module 130. The step 301 is performed bythe controller 109. As long as the signal 108 is not received the method300 is directed in accordance with a NO arrow in a looping manner backto the step 301. When the signal 108 is received, the method 300 isdirected from the step 301 by means of a YES arrow to a step 302. In thestep 302, the controller 109 compares the card number received by meansof the signal 108 with one or more card numbers stored in the database115. A subsequent testing step 303 is performed by the controller 109.In the step 303 if the card number received on the signal 108 issuccessfully matched against a card number stored in the database 115then the method 300 is directed in accordance with a YES arrow to a step304.

In the step 304 the controller 109 sends the control signal 110 to thecontrolled item 111 (for example opening the secured door). The method300 is then directed from the step 304 as depicted by an arrow 305 backto the step 301.

Returning to the testing step 303 if the card number received on thesignal 108 is not successfully matched against card number stored in thedatabase 115 by the controller 109 then the method 300 is directed fromthe step 303 in accordance with a NO arrow back to the step 301. As wasdescribed in regard to FIG. 3, in an alternate arrangement, the method300 could be directed, if the card number match is negative, from thestep 303 to a disabling step which would disable the receiver sub-system117 if the incorrect card number where received once or a number oftimes.

In the exemplary embodiment described above, the IC 128 merely storesinformation in the form of a unique card number. In an alternativeembodiment, the IC 128 may be a smart card chip which may be used tostore one or more other values as well as the unique card number. Suchan embodiment provides particular advantages where the transmittersub-system 116 is being used to pay for a service. For example, the IC128 may further comprise a memory (not shown) containing a “storedvalue” representing an amount of money where the transmitter sub-system116 is being used for paying the fare on a bus or other form of publictransport.

FIG. 5A shows a method 500 of operation of the transmitter sub-system116 of FIG. 2 where the IC 128 is a smart card chip containing a storedvalue representing an amount of money, in accordance with thealternative embodiment. The method 500 commences with a testing step 501in which the biometric sensor 121 in the code entry module 103 checkswhether a biometric signal 102 is being received. If this is not thecase, then the method 500 is directed in accordance with a NO arrow backto the step 501 in a loop. If, on the other hand, the biometric signal102 has been received, then the method 500 is directed in accordancewith a YES arrow to a step 502. The step 502 compares the receivedbiometric signal 102 with information in the biometric signaturedatabase 105 in order to ensure that the biometric signal received 102is that of the rightful user 101 of the transmitter sub-system 116.

A subsequent testing step 503 checks whether the comparison in the step502 yields the desired authentication. If the biometric signaturematching is authenticated, then the method 500 is directed in accordancewith a YES arrow to a step 504. In the subsequent step 504 thecontroller 107 sends the signal 112 to the switch module 113 to closethe normally open switch 127 to allow the coil 129 to be excited whenthe proximity module 126 is placed within range of the code entry module130. Then at the next step 505, upon the proximity module 126 beingplaced within the field of the code entry module 130, the coil 129 isexcited and charges the capacitor 131, which in turn energizes the IC128. The IC 128 then transmits, as depicted by the arrow 132, the cardnumber stored within the IC 128, via the coil, to the code entry module130.

At the next step 506, the proximity module 126 receives a signal, asdepicted by the arrow 133, from the code entry module 130. In thedescribed arrangement, the signal 133 is received via the coil 129acting as a receive antenna. Then at the next step 507, the IC 128decrements the stored value by a predetermined amount. Thispredetermined amount may represent the fare for a trip on a bus, forexample. In another alternative embodiment, the signal 133 received fromthe code entry module 130 may include a value indicating an amount thatneeds to be decremented from the stored value in step 507. In thisinstance, the IC 128 decrements the stored value by the amountrepresented by the value received from the code entry module 130.Accordingly, the stored value is decremented by an amount (i.e., eitherpredetermined or variable) depending on the information (such as thecard number) contained in the secure access signal 132 and the proximitymodule 126 never has to leave the user's hand. Following step 507, themethod 500 is then directed in accordance with an arrow 508 back to thestep 501.

FIG. 5B shows a method 510 of operation of the receiver sub-system 117of FIG. 2 where the IC 128 is the smart card chip containing the storedvalue of FIG. 5A. The method 510 commences with a testing step 511 whichcontinuously checks whether the signal 108 including the card number hasbeen received from code entry module 130. The step 511 is performed bythe controller 109. As long as the signal 108 is not received theprocess 510 is directed in accordance with a NO arrow in a loopingmanner back to the step 511. When the signal 108 is received, the method510 is directed from the step 511 by means of a YES arrow to a step 512.In the step 512, the controller 109 compares the card number received bymeans of the signal 108 with the card numbers stored in the database115. A subsequent testing step 513 is performed by the controller 109.In the step 513 if the card number received on the signal 108 issuccessfully matched against a card number stored in the database 115then the method 510 is directed in accordance with a YES arrow to a step514. In the step 514, the controller 109 sends a signal, as representedby arrow 134 of FIG. 2, to the code entry module 130 indicating that thecard number was successfully matched.

In the alternative embodiment of FIG. 5A, the amount by which the storedvalue should be decremented (i.e., the amount of the fare) ispredetermined. However, in one arrangement, the amount by which thestored value should be decremented may be variable (e.g., where the fareis variable). In this instance, the signal 134 may include a valuerepresenting the value of the fare.

At step 515, if the code entry module 130 determines that the storedvalue is more than the fare, then the method 510 is directed by a YESarrow to a step 516. The code entry module 130 may read a particularmemory address in the IC 128 to determine if the stored value is morethan the fare.

At step 516, the code entry module 130 sends the signal 133 to theproximity module 126 to indicate that the stored value should bedecremented by the predetermined amount. As described above, the signal133 may include a value indicating an amount that needs to bedecremented from the stored value. At step 516, the code entry module130 may also send a further signal to the controller 109 which in turnsends a signal 110 to the controlled item 111. In this instance, thecontrolled item may merely produce an audible tone indicating that thefare has been paid. Alternatively, the controlled item 111 may open agate or enable a turnstile. The method 510 is then directed from thestep 516 as depicted by an arrow 517 back to the step 511.

Returning to the testing step 513 if the card number received on thesignal 108 is not successfully matched against card number stored in thedatabase 115 by the controller 109 then the method 510 is directed fromthe step 513 in accordance with a NO arrow back to the step 511. In thisinstance, the controller 109 may send a signal 110 to the controlleditem 111 which then sounds an audible alert to indicate that the farehas not been paid.

Returning to the testing step 515, if the code entry module 130determines that the stored value is less than the fare, then the process510 is directed from the step 515 in accordance with a NO arrow back tothe step 511. Again, in this instance, the controller 109 may send asignal 110 to the controlled item 111 which then sounds an audible alertto indicate that the fare has not been paid.

In the embodiment of FIGS. 5A and 5B, the code entry module 130 mayinclude a liquid crystal display (LCD) screen (not shown) for providingfeedback to the user 101. In this instance, at step 515, the code entrymodule 130 may display the amount of the fare as well as the amount ofthe stored value representing the remaining amount of money on theproximity card module 126.

The transmitter sub-system 116 as described with reference to FIGS. 5Aand 5B may also be configured to enable value to be added to the storedvalue. For example, a cash station similar to a train ticket vendingmachine may be configured with a card reader similar to the code entrymodule 130. In this instance, upon entering an amount of money into thevending machine (e.g., via a note collector) and providing a biometricrequest to the bio sensor 121, the proximity module 126 may be placedwithin the field of the card reader 130 of the vending machine. The cardreader 130 may then send a signal to proximity module 126 indicating thevalue of the money entered into the vending machine and thecorresponding amount by which the stored value is to be incremented.

The transmitter sub-system 116 including the switch module 113 and theproximity module 126 may also include an LCD screen (not shown) forproviding feedback to the user 101. The LCD screen may be used fordisplaying information, such as the stored value, stored on thetransmitter sub-system 116. In this instance, at step 507 of the method500, the LCD of the transmitter sub-system 116 may display the amount ofthe fare as well as the amount of the stored value representing theremaining amount of money stored in the IC of the proximity module 126.In this instance, the LCD and the IC 128 included in the transmittersub-system 116 may be powered by a battery (e.g., a battery incorporatedwithin the remote fob). In this instance, the user 101 may determine theamount of money remaining on the transmitter sub-system 116 bypresenting a biometric request. After the biometric has beenauthenticated in the manner described above, the amount of the storedvalue may be displayed on the LCD.

The IC 128 may also be used to store personal details, health records,account balances, personal identification numbers (PIN) and/or otherpertinent data. Again, after a biometric has been authenticated in themanner described above, the personal details, medical records, accountbalances and/or PIN may be displayed on the LCD.

The IC 128 may also be used to store audit trail information so that arecord is kept of the date and time that the user 101 attempted to gainaccess to the controlled item 111.

As will be described in detail below, the ICs such as the IC 128 mayalso be used to generate a one-time dynamic password for use in onlinebanking applications or the like. If the identity of the user 101 isauthenticated successfully upon the user presenting a particularbiometric (e.g., an index finger), as described above, then thebiometric module 103 sends the signal 106 to the controller 107. Thecontroller 107 may then access a key stored in a key database 113 (notshown) and generate a one-time password using the key and the currenttime which the controller 107 determines from a clock (not shown). Thepassword may be displayed on the LCD. The password may be generatedusing the RSA encryption algorithm. However, any suitable encryptionalgorithm may be used (e.g., Data Encryption Standard (DES), Blowfish,International Data Encryption Algorithm (IDEA)). The user may thenprovide the generated password read from the LCD to an authenticationserver via a personal computer and communications network (see FIG. 11)in order to make an online banking transaction, for example.

The transmitter sub-system 116 of any of the described embodiments maybe used in automotive applications where the controlled item 111 is thecentral locking of a car. The controlled item 111 may also activate ordeactivate an engine immobiliser.

The transmitter sub-system 116 of any of the embodiments described mayalso be used in resort areas, hotels, theme parks or the like. In thisinstance, the internal operators of the resort areas, hotels and themeparks may issue the transmitter sub-system 116 incorporated within aremote fob, for example, to the user 101. The user 101 may then operatethe transmitter sub-system 116 within the confines of the resort, hotelor theme park to enter their room or to have a go on a ride, where thecode entry module 130 is mounted on a door jamb or near a gate,respectively.

Any suitable and secure method may be used for populating the user IDdatabase 105 with biometric signatures. Biometric signatures may beadded to the user ID database 105 or deleted from the database 105. Forexample, if a biometric signal has been received by the biometric module103 and the user ID database 105 in FIG. 2 is empty, then the receivedbiometric may be treated as an “administrator.” This would be the case,for example, if the biometric module 103 is new and has never been used,or if the user 101 has erased all the information in the database 105.The administrator may have the ability to amend data stored, forexample, in the database 105. Another type of user may be termed an“ordinary user” and may not have the capability to amend the data storedin the database 105.

The first user of the biometric module 103, whether this is the user whopurchases the module, or the user who programs the module 103 after alldata has been erased from the database 105, may be automaticallycategorised as an administrator. This first administrator may direct thesystem 100 to either accept further administrators, or alternately toonly accept further ordinary users.

FIG. 6 is a schematic block diagram of the system 100′ in FIG. 2. Thedisclosed secure access methods are preferably practiced using acomputer system arrangement 100′, such as that shown in FIG. 6 whereinthe processes of FIGS. 3-5B and FIGS. 9, 12 and 14 may be implemented assoftware, such as application program modules executing within thecomputer system 100′. In particular, the method steps for providingsecure access are effected by instructions in the software that arecarried out under direction of the respective processor modules 107 and109 in the sub-systems 116 and 117. The instructions may be formed asone or more code modules, each for performing one or more particulartasks. The software may also be divided into two separate parts, inwhich a first part performs the provision of secure access methods and asecond part manages a user interface between the first part and theuser. The software may be stored in a computer readable medium,including the storage devices described below, for example. The softwareis loaded into the sub-systems 116 and 117 from the computer readablemedium, and is then executed under direction of the respective processormodules 107 and 109. A computer readable medium having such software orcomputer program recorded on it is a computer program product. The useof the computer program product in the computer preferably effects anadvantageous apparatus for provision of secure access.

The following description is directed primarily to the transmittersub-system 116, however the description applies in general to theoperation of the receiver sub-system 117. The computer system 100′ isformed, having regard to the transmitter sub-system 116, by thecontroller module 107, input devices such as the bio sensor 121, outputdevices including the LEDs 122, the audio device 124 and the switchmodule 113.

The controller module 107 typically includes at least one processor unit1005, and a memory unit 1006, for example formed from semiconductorrandom access memory (RAM) and read only memory (ROM). The controllermodule 107 also includes a number of input/output (I/O) interfacesincluding an audio-video interface 1007 that couples to the LED display122 and audio speaker 124, an I/O interface 1013 for the bio-sensor 121and the switch module 113. The switch module 113 is connected to theproximity module 126.

The components 1005, 1007, 1013 and 1006 of the controller module 107typically communicate via an interconnected bus 1004 and in a mannerwhich results in a conventional mode of operation of the controller 107known to those in the relevant art.

Typically, the application program modules for the transmittersub-system 116 are resident in the memory 1006 iROM, and are read andcontrolled in their execution by the processor 1005. Intermediatestorage of the program and any data fetched from the bio sensor 121 anda network, for example, may be accomplished using the RAM in the memory1006. In some instances, the application program modules may be suppliedto the user encoded into the ROM in the memory 1006. Still further, thesoftware modules can also be loaded into the transmitter sub-system 116from other computer readable media (e.g., over a communicationsnetwork). The term “computer readable medium” as used herein refers toany storage or transmission medium that participates in providinginstructions and/or data to the transmitter sub-system 116 for executionand/or processing. Examples of storage media include floppy disks,magnetic tape, CD-ROM, a hard disk drive, a ROM or integrated circuit, amagneto-optical disk, or a computer readable card such as a PCMCIA cardand the like, whether or not such devices are internal or external ofthe transmitter sub-system 116. Examples of transmission media includeradio or infra-red transmission channels as well as a network connectionto another computer or networked device, and the Internet or Intranetsincluding e-mail transmissions and information recorded on Websites andthe like.

FIGS. 7A and 7B show an alternate arrangement for enabling the proximitymodule in FIG. 2. FIG. 7A shows the proximity arrangement of FIG. 2, inwhich the control signal 112 from the controller 107 of the transmittersub-system 116 is used to control the switch module 113. When the switch127 is open, the series circuit comprising the IC 128, the coil 129 andthe capacitor 131 is open, and thus the proximity module 126 is disabledand cannot operate when it is brought into the field emitted by the codeentry module 130. When the switch 127 is closed, the series circuitcomprising the IC 128, the coil 129 and the capacitor 131 is closed, andthus the proximity module 126 is enabled and can perform its designatedfunctions when brought into the field emitted by the code entry module130. In this arrangement, the control signal 112 can be a simple isbinary signal, in which for example one voltage level can cause theswitch 127 to be in an open state, and another voltage level can causethe switch 127 to be in an open state.

FIG. 7B shows an alternate arrangement 702 in which a proximity module704 has a series circuit comprising an IC 705, a coil 707 and acapacitor 706 that is permanently closed, and in this arrangement, acontrol signal 703 controls the operation of the IC 705 directly. Inthis arrangement, the control signal can in one example comprise asecure encrypted communication session, using multiple layers ofsecurity if desired, between the controller 107 (see FIG. 2) and the IC705. In another simpler arrangement, the control signal 703 can be asimple binary signal which merely enables or disables the operation ofthe IC 705. Upon receiving the signal 112 from the controller 107, theIC 705 remains enabled for a predetermined period of time (e.g., four tofive seconds). Within this period the proximity module 704 is enabledand may be placed by the user 101 within range of a radio frequencyfield being emitted by a code entry module 130. Although the arrangementof FIG. 7B shows one series circuit for each IC 705, other arrangementsmay be used which share some of the components such as the coils and/orthe capacitors.

The communication between the controller 107 and the IC 705 can beimplemented using data and/or address bus communications, via a directbus connection between the controller 107 and the IC 705. Alternatively,the communication between the controller 107 and the IC 705 can beimplemented using a contactless communication interface comprising theseries circuit of the IC 705, the coil 707 and the capacitor 706. Thecontactless communication interface between the controller 107 and theIC 705 is a software interface. Any suitable contactless communicationinterface may be used. In one example, the controller 107 maycommunicate with the IC 705 according to the Sliding Window Protocol(SWP).

FIG. 8 shows how the secure access system of FIG. 2 can, using theproximity module arrangement of FIG. 7B, support multiple selectableproximity modules (e.g., 806A and 806B). FIG. 8 shows the biometricmodule 103 of FIG. 2 together with the audio transducer 124, the LEDindicators 122 and the bio sensor 121. In this arrangement 800 howeverthe biometric module 103 also has a set 801 of control selectorsdesignated selectors 1-4 in the present example for selecting one ormore control functions. A greater or smaller number of selectors can beincorporated as desired. Furthermore, the module 103 has an LCD display802.

According to this arrangement, once the identity of the user 101 isauthenticated successfully, the user may select one of the set 801 ofthe selectors such as the selector designated “1”. In response to such aselection, the biometric module 103 sends a signal 803 to the controller107. Upon receiving the signal 803, the controller 107 sends a controlsignal on a control line 807A to a corresponding proximity module 806A.Upon receiving the signal 807A from the controller 107, the proximitymodule 806A remains enabled for a predetermined period of time (e.g.,four to five seconds). Within this period the proximity module 806A isenabled and may be placed by the user 101 within range of a radiofrequency field being emitted by a code entry module 130. Again, thebiometric module 103, the controller 107 and the plurality of theproximity modules (e.g., 806A, 806B) may, for example, be incorporatedwithin a remote fob or mobile telephone, together with the switch module113 and the user ID database 105. The arrangement of FIG. 8 can be usedto incorporate a number of different ICs (e.g., 705A, 705B) (being theservice provider specific elements in the corresponding proximitymodules) in a single transmitter sub-system 116, each IC and associatedproximity module being associated with a different service provider(such as VISA®, MASTERCARD®, AMERICAN EXPRESS® and so on). Thisarrangement would enable the user 101, after biometric authentication,to select the appropriate service provider by pressing the appropriateselector in the set 801 of selectors, and to then bring thecorresponding proximity module 806A into the field emitted by the codeentry module 130. In fact, all of the proximity modules incorporatedinto the transmitter sub-system 116 are being brought into the fieldemitted by the code entry module 130 however only the desired proximitymodule 806A is enabled by the signal 803.

The LCD display 802 can show the user 101 which service provider hasbeen selected, thereby confirming to the user that the desired serviceprovider has been selected. The display 802 can be provided before theuser places the proximity module (e.g., 806A) into the field emitted bythe corresponding code entry module 130.

In a more general case, the various selectable proximity modules (e.g.,806A, 806B) can be associated with service providers from diversefields, namely financial, security, automotive, individualidentification and so on, and can have different interfaces with therespective code entry modules such as 130. Therefore, the ICs 705A, 705Bconfigured within the proximity modules 806A, 806B may include acombination of ICs such as the known HID™ proximity IC, iCLASS IC, andMifare™ IC, each for a distinct application and using a differentinterface. The user 101 may select the desired application using the set801 of selectors, and optionally can receive feedback on the selectionvia the LCD display 802.

Security and payment functionality may be combined using one or moreiterations of authentication and selection, thus facilitating operationwith existing infrastructure. For example, the proximity module 806A andcorresponding IC 705A may contain a stored unique number for use insecure access and the proximity module 806B and corresponding IC 705Bmay contain a stored value for use in making cashless payments asdescribed above.

The controller 107 may also be configured to generate a one-time dynamic“time-dependent” or “event-synchronous” password. Upon authentication ofa user's biometric as described above with reference to FIG. 3, thecontroller 107 may access a key stored in a database (e.g., the database115). The controller 107 may then generate a one-time time-dependentpassword using the key and the current time (as a dynamic input value),for example. The current time may be determined from a computer clock(not shown) configured within the arrangement 800 of FIG. 8. Thepassword may be generated using the RSA encryption algorithm or anyother suitable encryption algorithm (e.g., Data Encryption Standard(DES), Blowfish, International Data Encryption Algorithm (IDEA)).

Accordingly, a password may be generated using the current time as theinput value to the encryption process. It is noted that this is merelyone arrangement, and other input values such as a simple counter valueor a random number may be used as with event-synchronous tokens andasynchronous challenge/response tokens. Further, other mathematicalalgorithms or codes can equally be used to generate the one-timepassword. For example, the password may be generated using a rollingcode to generate a different code variant each time the password isgenerated. In this instance, successive passwords may be generated usinga code and/or a look-up table known to both the code entry module 103and receiver sub-system 117. Using this approach successive numbers aremodified, resulting in a non-repeatable number.

The user 101 may make a payment (e.g., a VISA® payment) at aconventional (i.e., not using the proximity module) payment terminal oronline by selecting the appropriate selector from the set 801, thenpressing a suitable combination of the selectors 801 as guided by adisplay on the LCD screen 802 and waiting for a one-time password to begenerated and shown on the display 802. The password may then bemanually entered into the keyboard of the payment terminal or personalcomputer. This approach supports applications includingbusiness-to-business on line payments through to standard contactlesspayments at existing payment terminals.

FIG. 9 shows a method 900 of operation of the arrangement 800 of FIG. 8according to one example. In the example of FIG. 9, the user 101generates a dynamic password using the arrangement 800 of FIG. 8. Thedynamic password may then be used for making an online payment to abusiness website. In the present example, the online payment is beingmade using a VISA® account. The example provides a secure scenario as areference to a typical transaction. However, variations of the steps ofthe methods described below including input from the user 101, biometricreads, generation of dynamic passwords, display of current accountbalances, can be used to conduct various transactions.

The method 900 of FIG. 9 may be implemented as software, such asapplication program modules being controlled in their execution by thecontroller 107 and being resident in the memory 1006 of the controller107. The method 900 commences with a testing step 901 in which thebiometric sensor 121 in the code entry module 103 checks whether abiometric signal 102 is being received. If this is not the case, thenthe method 900 is directed in accordance with a NO arrow back to thestep 901 in a loop. If, on the other hand, the biometric signal 102 hasbeen received, then the method 900 is directed in accordance with a YESarrow to a step 902. The step 902 compares the received biometric signal102 with information in the biometric signature database 105 in order toensure that the biometric signal received 102 is that of the rightfuluser 101.

A subsequent testing step 903 checks whether the comparison in the step902 yields the desired authentication. If the biometric signaturematching is authenticated, then the method 900 is directed in accordancewith a YES arrow to a step 904. At step 904, the controller 107 detectsselection of one of the selectors of the set 801. In the presentexample, the selector “1” of the set 801 is selected. In response toselection of the selector “1”, at the next step 905, the controller 107displays the value, stored on one of the ICs, representing availablefunds. In the present example, the IC 705A is a VISA® IC for makingVISA® card payments and comprises the stored value. The value isdisplayed on the LCD 802. In the present example, the controller 107displays $156.56 which represents the balance of the user's VISA™account.

At the next step 906, if within a predetermined period of time (e.g., 30seconds) the controller 107 again detects selection of the same selector(i.e., selector “1”) of the set 801, then the method 900 is directed inaccordance with a YES arrow to a step 907. Otherwise, the method 900 isdirected in accordance with a NO arrow to the step 901. At step 907, thecontroller 107 generates a dynamic password (i.e., a first dynamicpassword), using the RSA encryption algorithm, as described above. Thedynamic password is displayed on the LCD 802.

In the present example, the dynamic password generated at step 907 is “23 4 9 8 7 8 9”. The dynamic password will be different each time it isgenerated. The dynamic password may be a time-dependent password wherethe current time is used as the input value to the encryption process.The available funds and the unique token serial number are alsopreferably encrypted with the generated password. Alternatively, thedynamic password may be an event-synchronous password.

In accordance with the present example, the first dynamic passwordgenerated and displayed by the controller 107 at step 907 is enteredinto a computer module 1101 of a computer system 1100 as shown in FIG.11, in order to make the online payment to the business website. Theonline payment is made in accordance with a method 1000 of making anonline payment, which will be described in detail below with referenceto FIG. 10. The method 1000 may be may be implemented using the computersystem 1100, wherein the process of FIG. 10 may be implemented assoftware, such as one or more application programs executable within thecomputer system 1100. In particular, the steps of method 1000 may beeffected by instructions in the software that are carried out within thecomputer system 1100. The instructions may be formed as one or more codemodules, each for performing one or more particular tasks. The softwaremay also be divided into two separate parts, in which a first part andthe corresponding code modules performs the method 1000 and a secondpart and the corresponding code modules manage a user interface betweenthe first part and the user. The software may be stored in a computerreadable medium, including the storage devices described below, forexample. One or more portions of the software may be stored within thecomputer module 1101 and also on a remote server 1150, as will bedescribed below. The software is loaded into the computer system 1100from the computer readable medium, and then executed by the computersystem 1100. A computer readable medium having such software or computerprogram recorded on it is a computer program product as described above.The use of the computer program product in the computer system 1100preferably effects an advantageous apparatus for implementing the method1100.

As seen in FIG. 11, the computer system 1100 is formed by a computermodule 1101, input devices such as a keyboard 1102 and a mouse pointerdevice 1103, and output devices including a printer 1115, a displaydevice 1114 and loudspeakers 1117. An external Modulator-Demodulator(Modem) transceiver device 1116 may be used by the computer module 1101for communicating to and from a communications network 1120 via aconnection 1121. The network 1120 may be a wide-area network (WAN), suchas the Internet or a private WAN. Where the connection 1121 is atelephone line, the modem 1116 may be a traditional “dial-up” modem.Alternatively, where the connection 1121 is a high capacity (e.g.:cable) connection, the modem 1116 may be a broadband modem. A wirelessmodem may also be used for wireless connection to the network 1120.

In accordance with the present example, a server 1150 hosting a paymentswebsite (e.g., a utility website such as the phone company or bankwebsite) is connected to the network 1120.

The computer module 1101 typically includes at least one processor unit1105, and a memory unit 1106 for example formed from semiconductorrandom access memory (RAM) and read only memory (ROM). The module 1101also includes an number of input/output (I/O) interfaces including anaudio-video interface 1107 that couples to the video display 1114 andloudspeakers 1117, an I/O interface 1113 for the keyboard 1102 and mouse1103 and optionally a joystick (not illustrated), and an interface 1108for the external modem 1116 and printer 1115. In some implementations,the modem 1116 may be incorporated within the computer module 1101, forexample within the interface 1108. The computer module 1101 also has alocal network interface 1111 which, via a connection 1123, permitscoupling of the computer system 1100 to a local computer network 1122,known as a Local Area Network (LAN). As also illustrated, the localnetwork 1122 may also couple to the wide network 1120 via a connection1124, which would typically include a so-called “firewall” device orsimilar functionality. The interface 1111 may be formed by an Ethernet™circuit card, a wireless Bluetooth™ or an IEEE 802.11 wirelessarrangement.

The interfaces 1108 and 1113 may afford both serial and parallelconnectivity, the former typically being implemented according to theUniversal Serial Bus (USB) standards and having corresponding USBconnectors (not illustrated). Storage devices 1109 are provided andtypically include a hard disk drive (HDD) 1110. Other devices such as afloppy disk drive and a magnetic tape drive (not illustrated) may alsobe used. An optical disk drive 1112 is typically provided to act as anon-volatile source of data. Portable memory devices, such optical disks(e.g.: CD-ROM, DVD), USB-RAM, and floppy disks for example may then beused as appropriate sources of data to the system 1100.

The components 1105 to 1113 of the computer module 1101 typicallycommunicate via an interconnected bus 1104 and in a manner which resultsin a conventional mode of operation of the computer system 1100 known tothose in the relevant art. Examples of computers on which the describedarrangements can be practised include IBM-PC's and compatibles, SunSparcstations, Apple Mac™ or alike computer systems evolved therefrom.

Typically, the application program(s) implementing the method 1000 areresident on the hard disk drive 1110 and read and controlled inexecution by the processor 1105. Intermediate storage of such programsand any data fetched from the networks 1120 and 1122 may be accomplishedusing the semiconductor memory 1106, possibly in concert with the harddisk drive 1110. In some instances, the application programs may besupplied to the user encoded on one or more CD-ROM and read via thecorresponding drive 1112, or alternatively may be read by the user fromthe networks 1120 or 1122. Still further, the software can also beloaded into the computer system 1100 from other computer readable media.Computer readable media refers to any storage medium that participatesin providing instructions and/or data to the computer system 1100 forexecution and/or processing. Examples of such media include floppydisks, magnetic tape, CD-ROM, a hard disk drive, a ROM or integratedcircuit, a magneto-optical disk, or a computer readable card such as aPCMCIA card and the like, whether or not such devices are internal orexternal of the computer module 1101. Examples of computer readabletransmission media that may also participate in the provision ofinstructions and/or data include radio or infra-red transmissionchannels as well as a network connection to another computer ornetworked device, and the Internet or Intranets including e-mailtransmissions and information recorded on Websites and the like.

The second part of the application programs and the corresponding codemodules mentioned above may be executed to implement one or moregraphical user interfaces (GUIs) to be rendered or otherwise representedupon the display 1114. Through manipulation of the keyboard 1102 and themouse 1103, a user of the computer system 1100 and the application maymanipulate the interface to provide controlling commands and/or input tothe applications associated with the GUI(s).

The method 1000 may alternatively be implemented in dedicated hardwaresuch as one or more integrated circuits performing the functions or subfunctions of FIG. 10. Such dedicated hardware may include graphicprocessors, digital signal processors, or one or more microprocessorsand associated memories.

The method 1000 begins at step 1010, where after receiving the firstpassword entered by the user 101, the method 1000 proceeds to step 1011.At step 1011, the password is transmitted by the processor 1105 to theserver 1150 hosting the payments website. Then at the next step 1012,the server 1150 verifies the password entered by the user 101 bygenerating another dynamic password and comparing the passwords. Inorder to generate the password, the server 1150 accesses a key(associated with the user 101 of the code module 103) stored in a keydatabase 1151 and determines the current time from a system clock 1152.In the present example, the key database 1151 may be configured within ahard disk drive (not shown) of the server 1150. The server 1150generates the password using the key and the current time determined byencrypting a value representing the current time, using the RSAencryption algorithm, which is the same encryption algorithm used by thecontroller 107. Also at step 1012, the server 1150 determines availablefunds (i.e. $156.56) by determining the amount from the password enteredby the user 101.

Once the dynamic password is entered into the computer module 1101 andverified by the server 1150, the user 101 makes another request usingthe arrangement of FIG. 8 in order to select the amount of funds wishingto be debited from their account. The amount of funds selected by theuser 101 is then debited from the value stored on the IC (e.g., 705A)corresponding to their account. FIG. 12 shows a method 1200 of debitingan amount of funds from an account.

The method 1200 commences at step 1201, where the controller 107 detectsselection of another one of the selectors of the set 801. In the presentexample, the selector “2” of the set 801 is selected. In response toselection of the selector “2”, at the next step 1202, the controller 107prompts the user 101 to enter the amount that they wish to pay whichalso represents the amount to be debited from their account (i.e. theirVISA® account).

At the next step 1203, the controller 107 determines the amount wishedto be payed based on an amount entered by the user 101 and displays thisamount on the LCD 802. The user may enter the amount using the set ofcontrol selectors 801. For example, the controller 107 may display ageneric amount and the user may select “3” of the set 801 to increase adisplayed amount and “4” to decrease the displayed amount.

The next step 1204 is a testing step in which the biometric sensor 121in the code entry module 103 checks whether a biometric signal 102 isbeing received. If this is not the case, then the method 1200 isdirected in accordance with a NO arrow back to the step 1206 in a loop.If, on the other hand, the biometric signal 102 has been received, thenthe method 1200 is directed in accordance with a YES arrow to a step1205. The step 1205 compares the received biometric signal 102 withinformation in the biometric signature database 105 in order to ensurethat the biometric signal received is that of the rightful user 101.

A subsequent testing step 1206 checks whether the comparison in the step1205 yields the desired authentication. If the biometric signaturematching is authenticated, then the method 1200 is directed inaccordance with a YES arrow to a step 1207. At step 1207, the controller107 generates a second dynamic password, using the RSA encryptionalgorithm with the current time being used as the input value to theencryption process, as described above. The dynamic password isdisplayed on the LCD 802. In the present example, the dynamic passwordgenerated at step is “5 6 8 8 8 1 8 9”. Again, the second dynamicpassword is a time-dependent password. However, the second password mayalso be an event-synchronous password. The amount determined at step1203 representing the amount of funds to be payed is also encryptedwithin the dynamic password. The method 1200 concludes at the next step1208, where the amount of funds entered by the user at step 1203 isdeducted from the value stored on the IC 705A.

In accordance with the present example, the second dynamic passwordgenerated and displayed by the controller 107 at step 1207 is enteredinto the computer module 1101 to complete the online payment to thebusiness website.

Returning to FIG. 10, at the next step 1013, after receiving the seconddynamic password entered by the user 101, the method 1000 proceeds tostep 1014. At step 1014, the second password is transmitted by theprocessor 1105 to the server 1150 hosting the payments website. Then atthe next step 1015, the server 1150 verifies the password entered by theuser 101 by generating still another dynamic password and comparing thepasswords as described above. In order to generate this still furtherpassword, the server 1150 accesses the key (associated with the user 101of the code module 103) stored in the key database 1151 and determinesthe current time from the system clock 1152, as described above. Also atstep 1015, the server 1150 determines the amount to be paid bydecrypting the amount from the second password entered by the user 101.

The method 1000 concludes at the next 1016, where the payment isprocessed by the server 1150. The payment transaction can be reconciledto the customer in a monthly statement.

Variations on the methods described above can also be used for secureaccess, for example, to gain entry to a building. For example, thedynamic password generated at step 907 may be entered into a keypadlocated on a door jamb and being connected to a building securitysystem. In this instance, rather than representing an account balance,the stored value encrypted within the dynamic password can be a personalidentification number (PIN) stored with the transmitter sub-system 116.The building security system then verifies the password entered by theuser 101 by generating another dynamic password and comparing thepasswords. Thus, the PIN used for secure access is enhanced through theneed of a biometric signature.

The dynamic passwords generated at step 907 may have other userinformation encrypted within the dynamic password including a serialnumber related to the transmitter sub-system (configured within atelephone or fob), time of access, type of account and validated finger(e.g., middle finger).

The arrangement of FIG. 8 comprises multiple selectable proximitymodules (e.g., 806A, 806B) each configured in accordance with thearrangement of FIG. 7B. In an alternative arrangement, one antenna(e.g., 707) may be associated with multiple ICs (e.g., all connected inparallel with the antenna). Again, in this instance, each of the ICs maybe separately selectable using separate control lines (e.g., 807A,807B).

FIG. 13 shows how the secure access system of FIG. 2 can, using one ormore conventional proximity modules, be used to perform a securetransaction. FIG. 13 shows the biometric module 103 of FIG. 2 togetherwith the audio transducer 124, the LED indicators 122 and the bio sensor121, and a set 1301 of control selectors designated selectors 1-4 in thepresent example for selecting one or more control functions. The module103 also has an LCD display 802. The arrangement 1300 also has aproximity module 1306. The proximity module 1306 comprises the coil 129,the capacitor 131 and an IC 1307.

In the arrangement 1300 of FIG. 13, the proximity module 1306 isconfigured to be constantly available to be activated, upon being placedwithin the field of the code entry module 130 in a conventional manner,without the need for a control signal such as the control signal 803.That is, no biometric verification is required in the arrangement 1300in order to activate the proximity module 1306.

The arrangement 1300 may also be used to perform secure transactions orthe like, including an online transaction. Rather than the biometricverification being needed in order to activate the proximity module1306, the generation of a dynamic password, as described above, may beutilised to provide an additional security layer, as will be describedbelow.

A method 1400 of performing a transaction using the arrangement 1300 ofFIG. 13 will now be described with reference to FIG. 14. The method 1400begins with a testing step 1401 in which the biometric sensor 121 in thecode entry module 103 checks whether a biometric signal 102 is beingreceived. If this is not the case, then the method 1400 is directed inaccordance with a NO arrow back to the step 1401 in a loop. If, on theother hand, the biometric signal 102 has been received, then the method1400 is directed in accordance with a YES arrow to a step 1402. The step1402 compares the received biometric signal 102 with information in thebiometric signature database 105 in order to ensure that the biometricsignal received 102 is that of the rightful user 101.

A subsequent testing step 1403 checks whether the comparison in the step1402 yields the desired authentication. If the biometric signaturematching is authenticated, then the method 1400 is directed inaccordance with a YES arrow to a step 1404 where the match is indicatedto the user 101 on the display 802. Also at step 1404, the controller107 detects selection of one of the selectors of the set 801. In thepresent example, the selector “1” of the set 801 is selected by the user101. In response to selection of the selector “1”, at the next step1405, the controller 107 generates a dynamic password, using the RSAencryption algorithm, as described above, and displays the dynamicpassword on the LCD 802. The dynamic password is generated based on acard number (associated with the user) stored on the IC 1307. In thepresent example, the dynamic password generated at 1405, is entered intoa keypad or the like (not shown) associated with the code entry module130. The card number may be encrypted within the dynamic password.

Then at the next step 1406, upon the proximity module 1306 being placedwithin the field of the code entry module 130, the coil 129 is excitedand charges the capacitor 131, which in turn energizes the IC 1307. TheIC 1307 then transmits, as depicted by an arrow 1332, the card numberstored within the IC 1307, via the coil 1306, to the code entry module130. A controller (e.g., 109) associated with the code entry module 130then uses the card number to verify the dynamic password as describedabove. In particular, the controller of the code entry module 130generates a dynamic password, using the RSA encryption algorithm, usingthe card number, and compares the generated password to the passwordentered by the user 101. Again, the passwords generated at step 1405 andby the controller may be time-dependent or event-synchronous.

At the next step 1406, the proximity module 1306 receives a signal, asdepicted by the arrow 1333, from the code entry module 130. Then at thenext step 1407, the IC 1307 decrements the stored value by apredetermined amount. This predetermined amount may represent a paymentfor a trip on a bus, for example. In another alternative embodiment, thesignal 1333 received from the code entry module 130 may include a valueindicating an amount that needs to be decremented from the stored valuein step 1407. In this instance, the IC 1307 decrements the stored valueby the amount represented by the value received from the code entrymodule 130. Accordingly, the stored value is decremented by an amount(i.e., either predetermined or variable) depending on the information(such as the card number) contained in the secure access signal 132 andthe proximity module 126 never has to leave the user's hand. Followingstep 1407, the method 1400 is then directed in accordance with an arrow1408 back to the step 1401.

Accordingly, in the example of FIGS. 13 and 14, the dynamic passwordgenerated on the basis of a valid biometric reading, is used to verifythe user of the arrangement 1300. Although in the example of FIGS. 13and 14, the dynamic password was generated first, in alternativearrangements the dynamic password may follow or accompany a payment.

The arrangements described above, including the arrangement 1300 of FIG.13, may also be used with automatic teller machines (ATMs) or point ofsale (POS) devices where a personal identification number (PIN) hasconventionally been used to verify the validity of a card (i.e.,magnetic stripe card or smart card) owner. The dynamic passwordgenerated on the basis of a valid biometric reading may be used toreplace such a FIN, without affecting a conventional transaction. Forexample, in the case of an ATM transaction or electronic funds transferpoint of sale (EFTPOS) transaction, a user inserts their magnetic stripecard (or smart card) into the ATM or swipes the card using an EFTPOSterminal. A card number corresponding to the magnetic stripe card isstored on the IC 1307. At the same time as inserting or swiping theircard, the user may use the arrangement 1300 described above to generatea time-dependent or event-synchronous dynamic password based on a validbiometric reading. Again, the card number corresponding to the magneticstripe card may be encrypted within the generated password. The userthen enters the generated dynamic password into the ATM or EFTPOSterminal. The dynamic password is then verified by a back-end hostserver (e.g., associated with a bank) in the manner described abovebased on the card number.

The arrangements described above, including the arrangement 1300 of FIG.13, may also be used for making an online payment. Again, the dynamicpassword may be used to replace the user's password which hasconventionally been used. At the same time as logging into a bankingwebsite, for example, the user may use the arrangement 1300 describedabove to generate a time-dependent or event-synchronous dynamic passwordbased on a valid biometric reading. Again, a user identification numbercorresponding to the user may be encrypted within the generatedpassword. The user then enters the generated dynamic password into apersonal computer. The dynamic password is then verified by a back-endhost server (e.g., associated with a bank) connected to the personalcomputer in the manner described above based on the user'sidentification number encrypted with the entered password.

The arrangements described above, including the arrangement 1300 of FIG.13 may stop intruders from stealing credit and debit cards for laterfraudulent use in ATM and POS devices. The owner or user of a magneticstripe card would also require the fob or mobile telephone with the cardnumber corresponding to the magnetic stripe card stored thereon. A newdynamic password could then be generated for each ATM or EFTPOStransaction. The dynamic password overcomes the inherent weaknesses inPIN type inputs, due to the dynamic nature of the password andrequirement to validate the owner or user biometrics prior to generatingthat password. If an intruder views a dynamic password input, theycannot replicate it a next time as the password is constantly changing.

Although the arrangement 1300 of FIG. 13 has been described as includingthe proximity module 1307, the arrangement 1300 may not necessarilyinclude such proximity module 1307. An arrangement without a proximitymodule may also be used to perform the transactions described aboveincluding ATM, EFTPOS and online transactions merely by generating adynamic password as described above.

The arrangements described above allow biometric security to be easilyintegrated with existing infrastructure for payment or access systems.The arrangements are simple and effective for secure proof of identity.The user does not need to remember a code, number, name or combination.The arrangements may be used online or offline. The describedarrangements may also be used in wireless systems, alarm panelactivation, garage control, door access, boom-gate access and anywherelong distance secure transmissions are required.

INDUSTRIAL APPLICABILITY

It is apparent from the above that the arrangements described areapplicable to the security industry.

The foregoing describes only some embodiments of the present invention,and modifications and/or changes can be made thereto without departingfrom the scope and spirit of the invention, the embodiments beingillustrative and not restrictive.

The system 100 can also be used to provide authorised access to lightingsystems, building control devices, exterior or remote devices such asair compressors and so on. The system 100 may also be used to gainaccess to online applications. For example, as described above, thetransmitter sub-system 116 may be used to generate a one-time dynamicpassword for use in online banking applications or the like. The conceptof “secure access” is thus extendible beyond mere access to restrictedphysical areas.

Although the present specification has described communication betweenthe transmitter sub-system 116 and the receiver sub-system beingperformed using RF, other communication modes such as capacitivecoupling or infra-red could also be used.

The arrangements described above may comprise a “duress” or “alarm”feature. This feature may be activated using a different predeterminedbiometrics. For example, typically the user may present a particularfinger (e.g., their thumb) for verification prior to enabling theproximity module (e.g., 126) or generating a dynamic password. If thevalid user is under duress by an intruder, the valid user can use analternate finger (e.g., their index finger) to enable the proximitymodule and/or generate a dynamic password, for example. Use of thealternate finger may automatically activate an alarm, thereby bringingemergency services to the situation. Alternatively, the dynamic passwordgenerated based on the alternate finger may include an encrypted alarmnotification. In this instance, when the generated password is enteredinto a keypad, keyboard or the like, an alarm will be automaticallyactivated by a backend controller or server, again bringing theemergency services to the location.

Generating different dynamic passwords based on the verification ofdifferent biometrics may also be used where multiple access areas areselectable from a single point. For example, the arrangements describedabove (e.g., the arrangement 1300) may be configured so that a user'sthumb may be read and verified, as described above, in order to generatea first dynamic password. The first password may be entered into akeypad, for example, to allow the user to enter a first door “1”. Theuser may then present a different finger (e.g., the person's indexfinger) which once verified may result in the generation of a seconddynamic password. The second password may be entered into a keypad, forexample, to allow the user to enter a second door “2”.

1-52. (canceled)
 53. A cellular telephone comprising: a displayconfigured to display information concerning at least one financialaccount associated with a user; a transmitter subsystem comprising abiometric sensor configured to authenticate the user in a database basedupon information received from the biometric sensor; an proximitycircuit including at least one coil, wherein said first proximitycircuit is configured, upon authentication of the user by the biometricsensor, to generate a radio frequency field including encryptedinformation identifying the financial account associated with the userwhen the proximity circuit is placed within range of a point-of-saledevice.
 54. The cellular telephone of claim 53 wherein said firstproximity circuit is further configured to unlock an automobile.
 55. Thecellular telephone of claim 53 further comprising at least one LED. 56.The cellular telephone of claim 53 further comprising a second proximitycircuit including at least one coil.
 57. The cellular telephone of claim56 wherein said second proximity circuit further comprises an inductorand a capacitor.
 58. The cellular telephone of claim 53 wherein saidfirst proximity circuit is configured to activate an automobile engine.59. The cellular telephone of claim 53 wherein said transmittersubsystem is further configured to allow a user to gain access to anapplication stored on the cellular telephone based on information fromthe biometric sensor.
 60. The cellular telephone of claim 53 furthercomprising a processor configured to generate passwords for use by theuser.
 61. The cellular telephone of claim 53 further comprising at leastinfrared emitter.
 62. A cellular telephone configured to transmit asecure signal to a system for performing a secure transaction, thecellular telephone comprising: a biometric sensor; a display; a selectorthrough which a user input is received; a switch; at least one proximitycircuit coupled to the switch; a controller configured to: present datarepresentative of a plurality of financial accounts on the display;receive, via the selector, user input indicative of a selected financialaccount selected from the plurality of financial accounts presented;present, via the display, feedback indicating the selected financialaccount; prompt input of a biometric signal via the biometric sensor;receive, via the biometric sensor, the biometric signal; perform amatching process, thereby to seek matching of the received biometricsignal with a biometric signature contained in memory of the cellulartelephone; in the case that the matching is successful, configure theproximity circuit to transmit a secure signal conveying information tothe system when the proximity circuit is placed within range of a radiofrequency field emitted by the system; wherein the secure transaction isperformed based on the information conveyed within the transmittedsecure signal in order to adjust a financial account associated with thematched signature by an amount provided by the system; wherein thedatabase of biometric signatures is maintained using the cellulartelephone by a user corresponding to the biometric signature containedin memory of the cellular telephone; and wherein the biometric sensor ofthe cellular telephone was used to biometric signature contained inmemory of the cellular telephone.
 63. The cellular telephone accordingto claim 62 wherein the biometric sensor is configured to receive abiometric signal in one of the following forms: retinal pattern, irispattern, face pattern, and palm configuration.
 64. The cellulartelephone of claim 62 wherein the proximity circuit is furtherconfigured to unlock an automobile.
 65. The cellular telephone of claim62 further comprising at least one LED.
 66. The cellular telephone ofclaim 62 further comprising a second proximity circuit including atleast one coil.
 67. The cellular telephone of claim 66 wherein saidsecond proximity circuit further comprises an inductor and a capacitor.68. The cellular telephone of claim 62 wherein said first proximitycircuit is configured to activate an automobile engine.
 69. The cellulartelephone of claim 62 wherein said biometric sensor is furtherconfigured to allow the user to gain access to an application.
 70. Thecellular telephone of claim 62 further comprising a processor configuredto generate passwords for use by the user.
 71. The cellular telephone ofclaim 62 wherein said encrypted information identifying the financialaccount associated with the user comprises the number of the financialaccount associated with the user.
 72. The cellular telephone of claim 62wherein said encrypted information identifying the financial accountassociated with the user comprises a token generated by the cellulartelephone.
 73. The cellular telephone of claim 62 wherein said secondproximity circuit is configured to communicate with a magnetic stripecard reader.
 74. The cellular telephone of claim 62 further comprisingat least infrared emitter.
 75. A cellular telephone configured toperform secure operations, the cellular telephone comprising: abiometric sensor; a display; and at least one proximity circuit; acontroller configured to: receive a biometric signal; perform a matchingprocess, thereby to seek matching of the received biometric signal witha predefined biometric signature contained in memory of the cellulartelephone, wherein the predefined biometric signature is generated basedon input received via the biometric sensor; and in the case that thematching is successful, configuring the at least one proximity circuitto transmit a secure signal conveying information to a payment terminalto provide payment information to a payment terminal when the proximitycircuit is placed within range of a radio frequency field emitted by thepayment terminal, thereby to enable a secure payment transaction;wherein the controller is additionally configured to: receive abiometric signal; perform a matching process, thereby to seek matchingof the received biometric signal with a predefined biometric signaturecontained in memory of the cellular telephone, wherein the predefinedbiometric signature is generated based on input received via thebiometric sensor; and in the case that the matching is successful,configuring the at least one proximity circuit to transmit a securesignal conveying information to an automobile to unlock a locking systemof the automobile when the proximity circuit is placed within range of aradio frequency field emitted by the automobile.
 76. A method foroperating a cellular telephone to transmit a secure signal to a systemfor performing a secure transaction, the method including: presenting ona display unit of the cellular telephone data representative of aplurality of financial accounts; receiving, via a selector of thecellular telephone through which used input is received, user inputindicative of a selected financial account selected from the pluralityof financial accounts presented; presenting, via the display, feedbackindicating the selected financial account; prompt input of a biometricsignal via a biometric sensor provided via hardware of the cellulartelephone; receiving, via the biometric sensor, the biometric signal;performing a matching process, thereby to seek matching of the receivedbiometric signal with a biometric signature contained in physical memoryof the cellular telephone; and in the case that the matching issuccessful, configuring a proximity circuit provided by the cellulartelephone to transmit a secure signal conveying information to thesystem when the proximity circuit is placed within range of a radiofrequency field emitted by the system; wherein the secure transaction isperformed based on the information conveyed within the transmittedsecure signal in order to adjust a financial account associated with thematched signature by an amount provided by the system; wherein thedatabase of biometric signatures is maintained using the cellulartelephone by a user corresponding to the biometric signature containedin memory of the cellular telephone; and wherein the biometric sensor ofthe cellular telephone was used to biometric signature contained inmemory of the cellular telephone.
 77. A method for operating a cellulartelephone configured to perform secure operations, method including:receiving a biometric signal; performing a matching process, thereby toseek matching of the received biometric signal with a predefinedbiometric signature contained in memory of the cellular telephone,wherein the predefined biometric signature is generated based on inputreceived via the biometric sensor; in the case that the matching issuccessful, configuring the at least one proximity circuit to transmit asecure signal conveying information to a payment terminal to providepayment information to a payment terminal when the proximity circuit isplaced within range of a radio frequency field emitted by the paymentterminal, thereby to enable a secure payment transaction; receiving afurther biometric signal at a subsequent time; perform a matchingprocess, thereby to seek matching of the received biometric signal witha predefined biometric signature contained in memory of the cellulartelephone, wherein the predefined biometric signature is generated basedon input received via the biometric sensor; and in the case that thematching is successful, configuring the at least one proximity circuitto transmit a secure signal conveying information to an automobile tounlock a locking system of the automobile when the proximity circuit isplaced within range of a radio frequency field emitted by theautomobile.
 78. A method according to claim 77 wherein the biometricsignal and the further biometric signal are successfully matched to thesame predefined biometric signature contained in memory of the cellulartelephone.